"DDOS" for MONTHS on end with no resolution UNACCEPTABLE

[Havenchild]

A VPN only changes YOUR IP and route to the authentication server. By putting authentication in the cloud, there is no single physical server location to target via DDOS. So all using a VPN would accomplish is changing the route and specific entry point on the cloud network that client used to authenticate.

This would vastly multiply the cost of running a bot net capable of any significant disruption as it would need to simultaneously track and attack all points of entry on the cloud.

Further, automatic load balancing on the cloud network would offload further log-in attempts to a bogged network entry point to another route creating a spill-over effect that would dilute any concentrated attack over the larger network. These cloud providers are HUGE. The likelihood of some no-life pimple-faced losers having enough of mommy's credit card to afford to compete with such a provider by running a large enough attack network would be significantly reduced.

EDIT: Also using a VPN to mask your IP doesn't change your SE user account. So banned accounts would remain banned regardless of what IP they tried to use them on.



It would eliminate static routes that allow attackers to isolate specific physical network segments to attack as much as it would avoid targeting SE servers. So they wouldn't be able to hit weak points in a physical route knocking out service to entire regions cut off by that failure point. The cloud network would simply offload encrypted authentication requests to another access point on the network and automatically balance the load.

You are correct in that this could be a solution mitigated through load balancing in something like AWS.

There are two specific issues though.

1) Going this route will cost SE a fat sum of cash. Likely approaching millions per month to create load balancing for their servers.

2) Queue times go up for everyone on the regular. During a DDOS event, you may even get a complete baloon of the queue ala Endwalker.

A special reasoning -

Cloud delay. Im not entirely sure how authentication works in XIV but if the client somewhere checks in with the server even after you log in (to maintain connection), you will likely create client/mechanic delay every check in as the data now passes through this cloud environment.

Lastly, when there isn't an attack, SE is just bleeding money for no reason. Probably why they haven't bothered going this route. Little gains, roughly the same problems.

[Arzalis]

You are correct in that this could be a solution mitigated through load balancing in something like AWS.

There are two specific issues though.

1) Going this route will cost SE a fat sum of cash. Likely approaching millions per month to create load balancing for their servers.

2) Queue times go up for everyone on the regular. During a DDOS event, you may even get a complete baloon of the queue ala Endwalker.

A special reasoning -

Cloud delay. Im not entirely sure how authentication works in XIV but if the client somewhere checks in with the server even after you log in (to maintain connection), you will likely create client/mechanic delay every check in as the data now passes through this cloud environment.

Lastly, when there isn't an attack, SE is just bleeding money for no reason. Probably why they haven't bothered going this route. Little gains, roughly the same problems.

Something like FFXIV would still have a point of failure somewhere along the way. If it's not the game servers, it'd be the auth servers. If it's not the auth servers, they can hit the node one jump before which SE would have no control over. A targeted DDOS attack is pretty much impossible to prevent. They've been problems for ages and nobody really has a solution for a reason. They basically exploit a flaw in the entire internet and networking as a whole.

The best solution we've gotten so far is stuff like Cloudflare which, and I'm simplifying, basically hides your actual IP address and forwards traffic from their servers. If it gets DDoSed, they swap servers to mitigate the attack. That doesn't work for games because it introduces a ton of latency.

[Kiyumi]

While there's no reason to get dramatic about every little thing, this problem has gone on too long and too hugely.

SE isn't some indie company without options - it's a massive corporation of sufficient size and weight to make any network deals they want and afford any infrastructure that can be done. They don't make less money from FF14 than the MMO's who do manage to shut this sort of thing down way better, they make far, far more.

Being DDoS'd because of some mistakes can happen. But this long? This persistently? Sorry, but they're doing something wrong. You can fix it with the cloud, with clever deals, with active teams reaching out, with stronger infrastructural failsaves, there's many routes, and you can combine them.

But very clearly, they're not doing enough. They have no reason to be doing worse at this than everyone else is, yet they are. It's a failure on their end, and at this point they owe us an apology, an explanation and a solution.

Please stop defending the corporation making hundreds of millions from this game, they don't need your defense, they need to understand they can't allow this to keep happening.

(honestly, same for the VISA issue. Sure, it was a third party, but who struck that deal? Who struck that deal without making sure they have clauses and fallback options for the transition? SE is not being professional about this right now, at all.)

[Valkyrie_Lenneth]

While there's no reason to get dramatic about every little thing, this problem has gone on too long and too hugely.

SE isn't some indie company without options - it's a massive corporation of sufficient size and weight to make any network deals they want and afford any infrastructure that can be done. They don't make less money from FF14 than the MMO's who do manage to shut this sort of thing down way better, they make far, far more.

Being DDoS'd because of some mistakes can happen. But this long? This persistently? Sorry, but they're doing something wrong. You can fix it with the cloud, with clever deals, with active teams reaching out, with stronger infrastructural failsaves, there's many routes, and you can combine them.

But very clearly, they're not doing enough. They have no reason to be doing worse at this than everyone else is, yet they are. It's a failure on their end, and at this point they owe us an apology, an explanation and a solution.

Please stop defending the corporation making hundreds of millions from this game, they don't need your defense, they need to understand they can't allow this to keep happening.

(honestly, same for the VISA issue. Sure, it was a third party, but who struck that deal? Who struck that deal without making sure they have clauses and fallback options for the transition? SE is not being professional about this right now, at all.)

The government can barely make isps move and you think a relatively small company (in the grand scheme of things) can do anything?

[Havenchild]

The government can barely make isps move and you think a relatively small company (in the grand scheme of things) can do anything?

People commenting on concepts they have no understanding about while simultaneously making it seem like the solutions that easy is peak XIV forums.

[Lorika]

I guess you never played one before. Look up Guild Wars 1 and Phantasy Star games.

25 years i'm playing MMO, so ofc iplayed on private server several times.
Lol at your choices... especially since GW1 official servers still running.... and the PSO aren't MMO, especially the 2 first : they are P2P, the servers were only there for hosting "lobby" and connect player to each others.